Systems and Methods Using Cryptography to Protect Secure Computing Environments
Abstract
Secure computation environments are protected from bogus or rogue load modules, executables and other data elements through use of digital signatures, seals and certificates issued by a verifying authority. A verifying authority—which may be a trusted independent third party—tests the load modules or other executables to verify that their corresponding specifications are accurate and complete, and then digitally signs the load module or other executable based on tamper resistance work factor classification. Secure computation environments with different tamper resistance work factors use different verification digital signature authentication techniques (e.g., different signature algorithms and/or signature verification keys)—allowing one tamper resistance work factor environment to protect itself against load modules from another, different tamper resistance work factor environment. Several dissimilar digital signature algorithms may be used to reduce vulnerability from algorithm compromise, and subsets of multiple digital signatures may be used to reduce the scope of any specific compromise.
36 Citations
22 Claims
1. A method comprising:
digitally signing at least a first part of a first load module using a first key to yield a first digital signature;
digitally signing at least a second part of the first load module to yield a second digital signature; and
distributing at least the first digital signature and the second digital signature to a first remote electronic appliance, wherein the first remote electronic appliance comprises a protected processing environment operable to authenticate at least one of the first digital signature and/or the second digital signature before the first remote electronic appliance executes the first load module, the protected processing environment being resistant to tampering by a user of the first remote electronic appliance.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A computer-readable medium comprising program code, the program code being operable, when executed by a computer system, to cause the computer system to perform steps comprising:
digitally signing at least a first part of a first load module using a first key to yield a first digital signature;
digitally signing at least a second part of the first load module to yield a second digital signature; and
distributing at least the first digital signature and the second digital signature to a first remote electronic appliance, wherein the first remote electronic appliance comprises a protected processing environment operable to authenticate at least one of the first digital signature and/or the second digital signature before the first remote electronic appliance executes the first load module, the protected processing environment being resistant to tampering by a user of the first remote electronic appliance.
Dependent claims: 12, 13, 14, 15

16. A system comprising:
means for digitally signing at least a first part of a first load module using a first key to yield a first digital signature;
means for digitally signing at least a second part of the first load module to yield a second digital signature; and
means for distributing at least the first digital signature and the second digital signature to a first remote electronic appliance, wherein the first remote electronic appliance comprises a protected processing environment operable to authenticate at least one of the first digital signature and/or the second digital signature before the first remote electronic appliance executes the first load module, the protected processing environment being resistant to tampering by a user of the first remote electronic appliance.
Dependent claims: 17, 18, 19, 20, 21, 22
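Added illustration, not code from the patent or its assignee: a Go model of claim 1 together with the abstract's use of dissimilar signature algorithms and of subsets of multiple signatures. A verifying authority signs the module's code part with Ed25519 and its specification part with ECDSA P-256; the appliance's protected environment, holding only the public keys, authenticates the signatures before the module may execute, under either a one-of policy (the claim's "at least one of ... and/or") or a both-required policy. The type and function names, the split into Code and Spec parts and the two algorithms are assumptions of this example; the patent names none of them.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// LoadModule's two parts and the algorithms used (Ed25519 over Code, ECDSA
// P-256 over SHA-256(Spec)) are this example's assumptions; the patent names none.
type LoadModule struct{ Code, Spec []byte }
type Signatures struct{ CodeSig, SpecSig []byte } // one signature per part (claim 1)
// ProtectedEnvironment is what the appliance holds: public keys only, plus the
// policy of whether one valid signature suffices or both are required.
type ProtectedEnvironment struct {
	edPub       ed25519.PublicKey
	ecPub       *ecdsa.PublicKey
	RequireBoth bool
}

// Setup stands in for the verifying authority: it generates both key pairs and
// returns a signing function (private keys stay in its closure) plus the environment.
func Setup(requireBoth bool) (func(LoadModule) (Signatures, error), ProtectedEnvironment, error) {
	edPub, edPriv, err1 := ed25519.GenerateKey(rand.Reader)
	ecPriv, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err := errors.Join(err1, err2); err != nil {
		return nil, ProtectedEnvironment{}, err
	}
	sign := func(m LoadModule) (Signatures, error) { // claim 1, first two steps
		h := sha256.Sum256(m.Spec)
		specSig, err := ecdsa.SignASN1(rand.Reader, ecPriv, h[:])
		return Signatures{ed25519.Sign(edPriv, m.Code), specSig}, err
	}
	return sign, ProtectedEnvironment{edPub, &ecPriv.PublicKey, requireBoth}, nil
}

// MayExecute is the authentication step before the module runs. Each signature is
// checked against the bytes actually presented, so a modified part fails its own check.
func (pe ProtectedEnvironment) MayExecute(m LoadModule, s Signatures) bool {
	codeOK := ed25519.Verify(pe.edPub, m.Code, s.CodeSig)
	h := sha256.Sum256(m.Spec)
	specOK := ecdsa.VerifyASN1(pe.ecPub, h[:], s.SpecSig)
	if pe.RequireBoth {
		return codeOK && specOK
	}
	return codeOK || specOK
}
```

Under the one-of policy a module whose code part was altered still passes while its untouched specification part verifies, which is why the threshold is a policy decision tied to the environment's tamper-resistance work factor rather than a fixed rule.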
Specification